[sf-lug] -->ON-LIST minorish DNS fixes/cleanup: Re: Correct address for ns1.sf-lug.org? ...
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Sun Jan 9 09:39:51 PST 2022
And --> ON-LIST
... because why not? :-)
Also some earlier regarding Joker.com & ns00.sf-lug.org., etc.:
http://linuxmafia.com/pipermail/sf-lug/2020q2/014726.html
http://linuxmafia.com/pipermail/sf-lug/2020q2/014728.html
http://linuxmafia.com/pipermail/sf-lug/2020q2/014825.html
and some more related in:
http://linuxmafia.com/pipermail/sf-lug/2020q2/date.html
And the earlier 2001:470:1f04:19e::3 booboo was almost certainly mine. 8-O
I probably updated from the earlier
2001:470:1f04:19e::2 to
2001:470:1f04:19e::3
while the intended was:
2001:470:1f05:19e::3
Can also see the IPv6 addresses on the actual host, e.g.:
$ hostname && ip -6 a s | fgrep inet6 | sort
balug-sf-lug-v2.balug.org
inet6 2001:470:1f04:19e::2/64 scope global
inet6 2001:470:1f05:19e::2/64 scope global
inet6 2001:470:1f05:19e::3/64 scope global
inet6 2001:470:1f05:19e::4/64 scope global
inet6 2001:470:1f05:19e::5/64 scope global
inet6 2001:470:1f05:19e::6/64 scope global
inet6 2001:470:1f05:19e::7/64 scope global
inet6 ::1/128 scope host
inet6 fe80::5054:ff:fe13:5199/64 scope link
inet6 fe80::6056:aae5/64 scope link
$
And 2001:470:1f04:19e::3
would never have functioned - as could also be tested easily enough.
references/excerpts:
> From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
> Subject: Re: Correct address for ns1.sf-lug.org?
> Date: Sun, 09 Jan 2022 08:52:07 -0800
> Okay ... possibly notwithstanding TTL (and other slight
> delays/latencies) ...
> glue record corrected:
> ns1.sf-lug.org. 86400 IN AAAA 2001:470:1f05:19e::3
> And checked and found ns00.sf-lug.org. to be fully vestigial and
> entirely unneeded and effectively unused at this point,
> so went ahead and dropped ns00.sf-lug.org.
>
> Thanks.
>
> Turns out authoritative - but not additional (glue) - was correct
> on ns1.sf-lug.org. ... authoritative takes precedence, but the
> incorrect additional would've caused some additional DNS lookups
> and latencies.
>
>> From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
>> Subject: Re: Correct address for ns1.sf-lug.org?
>> Date: Sun, 09 Jan 2022 08:18:32 -0800
>
>> Oh, ... spotted it ...:
>> $ dig @b0.org.afilias-nst.org. +noall +additional +norecurse
>> ns1.sflug.org. AAAA
>> ns1.sf-lug.org. 86400 IN AAAA 2001:470:1f04:19e::3
>> ns1.sf-lug.org. 86400 IN A 96.86.170.229
>> $
>> Yeah, that IPv6 is incorrect. I'll correct it.
>> TTL's 'n all that, may take a wee bit to be 100% better
>> across all of the working Internet.
>>
>>> From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
>>> Subject: Re: Correct address for ns1.sf-lug.org?
>>> Date: Sun, 09 Jan 2022 08:13:53 -0800
>>
>>> 2001:470:1f05:19e::3 would be the correct IPv6 for SF-LUG,
>>> at least insofar as anything of SF-LUG's on the VM host
>>> balug-sf-lug-v2.balug.org,
>>> So ... where exactly are you seeing
>>> 2001:470:1f04:19e::3 come up? That would be incorrect.
>>> I'm not seeing it, at least in any public DNS "glue" records,
>>> e.g.:
>>> $ dig +short org. NS
>>> b2.org.afilias-nst.org.
>>> b0.org.afilias-nst.org.
>>> a2.org.afilias-nst.info.
>>> c0.org.afilias-nst.info.
>>> d0.org.afilias-nst.org.
>>> a0.org.afilias-nst.info.
>>> $ dig @b0.org.afilias-nst.org. +noall +additional +norecurse
>>> ns1.sf-lug.org. AAAA
>>> ns0.sf-lug.org. 86400 IN AAAA 2001:470:1f05:19e::3
>>> ns0.sf-lug.org. 86400 IN A 96.86.170.229
>>> $
>>>
>>> ns00.sf-lug.org.
>>> That (notably DNS name) is probably fully vestigial at this point,
>>> but I'd have to check a bit further to be sure.
>>> I was once-upon-a-time work-around for a registrar who's glue
>>> record management sucked - I believe it was on joker.com - it wasn't
>>> possible to change IP address of an existing glue record. Their
>>> (horrible) support said the only way to do it was to delete the glue
>>> record, then create it again with the correct IP address - which was
>>> not only much more disruptive - but also didn't work.
>>> Anyway, as I recall, got off of Joker.com (sf-lug.org was there per
>>> Jim Stockford's choice), but that was one of more than one serious
>>> technical issues with Joker.com and Jim wasn't really doing
>>> diddly with registrar stuff (and had screwed it up significantly
>>> multiple times in the past) so ... moved it off of Joker.com, as
>>> I recall.
>>>
>>> Anyway, I'll check further on ns00.sf-lug.org.
>>> and see if that DNS names is still needed for anything that still
>>> exists.
>>>
>>>> From: Al
>>>> Subject: Correct address for ns1.sf-lug.org?
>>>> Date: Sat, 8 Jan 2022 10:47:33 -0800
>>>
>>>> Michael,
>>>> I just finished some improvements in my chk_ns.sh script, and got
>>>> this output which I wanted to ask you about:
>>>>
>>>> c2.sh-main[775]|scanallns[712]|chkaddl[649]|dodiff[453]: ERROR:
>>>> DNS info comparison FAILED, Domain = sflug.org, Glue RRs for
>>>> sflug.org <<< >>> Publicly available RRs
>>>> c2.sh-main[775]|scanallns[712]|chkaddl[649]|dodiff[454]: Domain
>>>> sflug.org DIFF Glue RRs for sflug.org <<< >>> Publicly available
>>>> RRs
>>>> 2c2
>>>> < ns1.sf-lug.org. IN AAAA 2001:470:1f04:19e::3
>>>> ---
>>>>> ns1.sf-lug.org. IN AAAA 2001:470:1f05:19e::3
>>>> c2.sh-main[775]|scanallns[712]|chkaddl[649]|dodiff[456]: Domain
>>>> sflug.org DIFF Glue RRs for sflug.org <<< >>> Publicly available
>>>> RRs
>>>>
>>>> My DNS Slave configs all use the 1f05 address, and that's what is
>>>> in the auth nameservers so I'm assuming that's the right one.
>>>>
>>>> I am assuming the GLUE record in sf-lug.org for ns1 is out of whack.
>>>> I think that you are maintaining that record.
>>>>
>>>> I looked on Gandi.net where I have shared access to the domain
>>>> and see these glue records:
>>>> ns0.sf-lug.org
>>>> 2001:470:1f05:19e::3
>>>> 96.86.170.229
>>>>
>>>> ns00.sf-lug.org
>>>> 2001:470:1f05:19e::3
>>>> 96.86.170.229
>>>>
>>>> ns1.sf-lug.org
>>>> 2001:470:1f04:19e::3
>>>> 96.86.170.229
>>>>
>>>> The setup smacks of some unfinished migration and / or experimentation.
>>>>
>>>> Rather than "fix"(?) it myself, I thought it would be best to
>>>> raise this for discussion, especially since I don't know what you
>>>> are up to with these records.
>>>> I assume ns00 is 'cruft', left over from something or other.
>>>>
>>>> I also notice that the same setup with ns1.sf-lug.org as an
>>>> authoritative name server is used for sflug.net and sflug.com.
>>>>
>>>> As for being tidy, I see we're using different name server lists
>>>> for sflug.{com,net.org} and sf-lug.{com,net.org}
>>>> Doesn't necessarily need to be fixed.
>>>>
>>>> Al
More information about the sf-lug
mailing list